Update all tests. Re-organize EXPECTED values, update some regex expressions.

2017-08-15 13:41:51 -04:00 · 2017-08-15 13:41:51 -04:00 · 4ffc8edeeb
parent 1b48ad9778
commit 4ffc8edeeb
18 changed files with 162 additions and 155 deletions
--- a/stix2/test/test_attack_pattern.py
+++ b/stix2/test/test_attack_pattern.py
@ -9,18 +9,18 @@ from .constants import ATTACK_PATTERN_ID


 EXPECTED = """{
+    "type": "attack-pattern",
+    "id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
    "created": "2016-05-12T08:17:27.000Z",
+    "modified": "2016-05-12T08:17:27.000Z",
+    "name": "Spear Phishing",
    "description": "...",
    "external_references": [
        {
-            "external_id": "CAPEC-163",
-            "source_name": "capec"
+            "source_name": "capec",
+            "external_id": "CAPEC-163"
        }
-    ],
-    "id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
-    "modified": "2016-05-12T08:17:27.000Z",
-    "name": "Spear Phishing",
-    "type": "attack-pattern"
+    ]
 }"""


--- a/stix2/test/test_bundle.py
+++ b/stix2/test/test_bundle.py
@ -4,41 +4,41 @@ import stix2


 EXPECTED_BUNDLE = """{
+    "type": "bundle",
    "id": "bundle--00000000-0000-0000-0000-000000000004",
+    "spec_version": "2.0",
    "objects": [
        {
-            "created": "2017-01-01T12:34:56.000Z",
+            "type": "indicator",
            "id": "indicator--00000000-0000-0000-0000-000000000001",
+            "created": "2017-01-01T12:34:56.000Z",
+            "modified": "2017-01-01T12:34:56.000Z",
            "labels": [
                "malicious-activity"
            ],
-            "modified": "2017-01-01T12:34:56.000Z",
            "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
-            "type": "indicator",
            "valid_from": "2017-01-01T12:34:56Z"
        },
        {
-            "created": "2017-01-01T12:34:56.000Z",
+            "type": "malware",
            "id": "malware--00000000-0000-0000-0000-000000000002",
-            "labels": [
-                "ransomware"
-            ],
+            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "name": "Cryptolocker",
-            "type": "malware"
+            "labels": [
+                "ransomware"
+            ]
        },
        {
-            "created": "2017-01-01T12:34:56.000Z",
+            "type": "relationship",
            "id": "relationship--00000000-0000-0000-0000-000000000003",
+            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
-            "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210",
-            "type": "relationship"
+            "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
        }
-    ],
-    "spec_version": "2.0",
-    "type": "bundle"
+    ]
 }"""


@ -84,7 +84,7 @@ def test_bundle_with_wrong_spec_version():

 def test_create_bundle(indicator, malware, relationship):
    bundle = stix2.Bundle(objects=[indicator, malware, relationship])
-
+    print(bundle)
    assert str(bundle) == EXPECTED_BUNDLE


--- a/stix2/test/test_campaign.py
+++ b/stix2/test/test_campaign.py
@ -9,13 +9,13 @@ from .constants import CAMPAIGN_ID


 EXPECTED = """{
-    "created": "2016-04-06T20:03:00.000Z",
-    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
-    "description": "Campaign by Green Group against a series of targets in the financial services sector.",
+    "type": "campaign",
    "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
+    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
+    "created": "2016-04-06T20:03:00.000Z",
    "modified": "2016-04-06T20:03:00.000Z",
    "name": "Green Group Attacks Against Finance",
-    "type": "campaign"
+    "description": "Campaign by Green Group against a series of targets in the financial services sector."
 }"""


--- a/stix2/test/test_course_of_action.py
+++ b/stix2/test/test_course_of_action.py
@ -9,13 +9,13 @@ from .constants import COURSE_OF_ACTION_ID


 EXPECTED = """{
-    "created": "2016-04-06T20:03:48.000Z",
-    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
-    "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ...",
+    "type": "course-of-action",
    "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
+    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
+    "created": "2016-04-06T20:03:48.000Z",
    "modified": "2016-04-06T20:03:48.000Z",
    "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter",
-    "type": "course-of-action"
+    "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ..."
 }"""


--- a/stix2/test/test_custom.py
+++ b/stix2/test/test_custom.py
@ -74,11 +74,11 @@ def test_parse_identity_custom_property(data):
    assert identity.foo == "bar"


-@stix2.sdo.CustomObject('x-new-type', {
-    'property1': stix2.properties.StringProperty(required=True),
-    'property2': stix2.properties.IntegerProperty(),
-})
-class NewType():
+@stix2.sdo.CustomObject('x-new-type', [
+    ('property1', stix2.properties.StringProperty(required=True)),
+    ('property2', stix2.properties.IntegerProperty()),
+])
+class NewType(object):
    def __init__(self, property2=None, **kwargs):
        if property2 and property2 < 10:
            raise ValueError("'property2' is too small.")
@ -106,11 +106,12 @@ def test_parse_custom_object_type():
    assert nt.property1 == 'something'


-@stix2.observables.CustomObservable('x-new-observable', {
-    'property1': stix2.properties.StringProperty(required=True),
-    'property2': stix2.properties.IntegerProperty(),
-})
-class NewObservable():
+@stix2.observables.CustomObservable('x-new-observable', [
+    ('property1', stix2.properties.StringProperty(required=True)),
+    ('property2', stix2.properties.IntegerProperty()),
+    ('x_property3', stix2.properties.BooleanProperty()),
+])
+class NewObservable(object):
    def __init__(self, property2=None, **kwargs):
        if property2 and property2 < 10:
            raise ValueError("'property2' is too small.")
@ -133,7 +134,7 @@ def test_parse_custom_observable_object():
        "property1": "something"
    }"""

-    nt = stix2.parse_observable(nt_string)
+    nt = stix2.parse_observable(nt_string, [])
    assert nt.property1 == 'something'


--- a/stix2/test/test_external_reference.py
+++ b/stix2/test/test_external_reference.py
@ -8,9 +8,12 @@ import stix2


 VERIS = """{
-    "external_id": "0001AA7F-C601-424A-B2B8-BE6C9F5164E7",
    "source_name": "veris",
-    "url": "https://github.com/vz-risk/VCDB/blob/master/data/json/0001AA7F-C601-424A-B2B8-BE6C9F5164E7.json"
+    "url": "https://github.com/vz-risk/VCDB/blob/master/data/json/0001AA7F-C601-424A-B2B8-BE6C9F5164E7.json",
+    "hashes": {
+        "SHA-256": "6db12788c37247f2316052e142f42f4b259d6561751e5f401a1ae2a6df9c674b"
+    },
+    "external_id": "0001AA7F-C601-424A-B2B8-BE6C9F5164E7"
 }"""


@ -18,6 +21,9 @@ def test_external_reference_veris():
    ref = stix2.ExternalReference(
        source_name="veris",
        external_id="0001AA7F-C601-424A-B2B8-BE6C9F5164E7",
+        hashes={
+            "SHA-256": "6db12788c37247f2316052e142f42f4b259d6561751e5f401a1ae2a6df9c674b"
+        },
        url="https://github.com/vz-risk/VCDB/blob/master/data/json/0001AA7F-C601-424A-B2B8-BE6C9F5164E7.json",
    )

@ -25,8 +31,8 @@ def test_external_reference_veris():


 CAPEC = """{
-    "external_id": "CAPEC-550",
-    "source_name": "capec"
+    "source_name": "capec",
+    "external_id": "CAPEC-550"
 }"""


@ -37,13 +43,13 @@ def test_external_reference_capec():
    )

    assert str(ref) == CAPEC
-    assert re.match("ExternalReference\(external_id=u?'CAPEC-550', source_name=u?'capec'\)", repr(ref))
+    assert re.match("ExternalReference\(source_name=u?'capec', external_id=u?'CAPEC-550'\)", repr(ref))


 CAPEC_URL = """{
-    "external_id": "CAPEC-550",
    "source_name": "capec",
-    "url": "http://capec.mitre.org/data/definitions/550.html"
+    "url": "http://capec.mitre.org/data/definitions/550.html",
+    "external_id": "CAPEC-550"
 }"""


@ -58,8 +64,8 @@ def test_external_reference_capec_url():


 THREAT_REPORT = """{
-    "description": "Threat report",
    "source_name": "ACME Threat Intel",
+    "description": "Threat report",
    "url": "http://www.example.com/threat-report.pdf"
 }"""

@ -75,9 +81,9 @@ def test_external_reference_threat_report():


 BUGZILLA = """{
-    "external_id": "1370",
    "source_name": "ACME Bugzilla",
-    "url": "https://www.example.com/bugs/1370"
+    "url": "https://www.example.com/bugs/1370",
+    "external_id": "1370"
 }"""


@ -92,8 +98,8 @@ def test_external_reference_bugzilla():


 OFFLINE = """{
-    "description": "Threat report",
-    "source_name": "ACME Threat Intel"
+    "source_name": "ACME Threat Intel",
+    "description": "Threat report"
 }"""


@ -104,7 +110,7 @@ def test_external_reference_offline():
    )

    assert str(ref) == OFFLINE
-    assert re.match("ExternalReference\(description=u?'Threat report', source_name=u?'ACME Threat Intel'\)", repr(ref))
+    assert re.match("ExternalReference\(source_name=u?'ACME Threat Intel', description=u?'Threat report'\)", repr(ref))
    # Yikes! This works
    assert eval("stix2." + repr(ref)) == ref

--- a/stix2/test/test_identity.py
+++ b/stix2/test/test_identity.py
@ -9,12 +9,12 @@ from .constants import IDENTITY_ID


 EXPECTED = """{
-    "created": "2015-12-21T19:59:11.000Z",
+    "type": "identity",
    "id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
-    "identity_class": "individual",
+    "created": "2015-12-21T19:59:11.000Z",
    "modified": "2015-12-21T19:59:11.000Z",
    "name": "John Smith",
-    "type": "identity"
+    "identity_class": "individual"
 }"""


--- a/stix2/test/test_indicator.py
+++ b/stix2/test/test_indicator.py
@ -10,25 +10,25 @@ from .constants import FAKE_TIME, INDICATOR_ID, INDICATOR_KWARGS


 EXPECTED_INDICATOR = """{
-    "created": "2017-01-01T00:00:01.000Z",
+    "type": "indicator",
    "id": "indicator--01234567-89ab-cdef-0123-456789abcdef",
+    "created": "2017-01-01T00:00:01.000Z",
+    "modified": "2017-01-01T00:00:01.000Z",
    "labels": [
        "malicious-activity"
    ],
-    "modified": "2017-01-01T00:00:01.000Z",
    "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
-    "type": "indicator",
    "valid_from": "1970-01-01T00:00:01Z"
 }"""

 EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join("""
-    created=STIXdatetime(2017, 1, 1, 0, 0, 1, tzinfo=<UTC>),
-    id='indicator--01234567-89ab-cdef-0123-456789abcdef',
-    labels=['malicious-activity'],
-    modified=STIXdatetime(2017, 1, 1, 0, 0, 1, tzinfo=<UTC>),
-    pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
    type='indicator',
-    valid_from=datetime.datetime(1970, 1, 1, 0, 0, 1, tzinfo=<UTC>)
+    id='indicator--01234567-89ab-cdef-0123-456789abcdef',
+    created='2017-01-01T00:00:01.000Z',
+    modified='2017-01-01T00:00:01.000Z',
+    labels=['malicious-activity'],
+    pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
+    valid_from='1970-01-01T00:00:01Z'
 """.split()) + ")"


--- a/stix2/test/test_intrusion_set.py
+++ b/stix2/test/test_intrusion_set.py
@ -9,21 +9,21 @@ from .constants import INTRUSION_SET_ID


 EXPECTED = """{
+    "type": "intrusion-set",
+    "id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29",
+    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
+    "created": "2016-04-06T20:03:48.000Z",
+    "modified": "2016-04-06T20:03:48.000Z",
+    "name": "Bobcat Breakin",
+    "description": "Incidents usually feature a shared TTP of a bobcat being released...",
    "aliases": [
        "Zookeeper"
    ],
-    "created": "2016-04-06T20:03:48.000Z",
-    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
-    "description": "Incidents usually feature a shared TTP of a bobcat being released...",
    "goals": [
        "acquisition-theft",
        "harassment",
        "damage"
-    ],
-    "id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29",
-    "modified": "2016-04-06T20:03:48.000Z",
-    "name": "Bobcat Breakin",
-    "type": "intrusion-set"
+    ]
 }"""


--- a/stix2/test/test_malware.py
+++ b/stix2/test/test_malware.py
@ -10,14 +10,14 @@ from .constants import FAKE_TIME, MALWARE_ID, MALWARE_KWARGS


 EXPECTED_MALWARE = """{
-    "created": "2016-05-12T08:17:27.000Z",
+    "type": "malware",
    "id": "malware--fedcba98-7654-3210-fedc-ba9876543210",
-    "labels": [
-        "ransomware"
-    ],
+    "created": "2016-05-12T08:17:27.000Z",
    "modified": "2016-05-12T08:17:27.000Z",
    "name": "Cryptolocker",
-    "type": "malware"
+    "labels": [
+        "ransomware"
+    ]
 }"""


--- a/stix2/test/test_markings.py
+++ b/stix2/test/test_markings.py
@ -10,36 +10,36 @@ from .constants import MARKING_DEFINITION_ID


 EXPECTED_TLP_MARKING_DEFINITION = """{
+    "type": "marking-definition",
+    "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
    "created": "2017-01-20T00:00:00Z",
+    "definition_type": "tlp",
    "definition": {
        "tlp": "white"
-    },
-    "definition_type": "tlp",
-    "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
-    "type": "marking-definition"
+    }
 }"""

 EXPECTED_STATEMENT_MARKING_DEFINITION = """{
+    "type": "marking-definition",
+    "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
    "created": "2017-01-20T00:00:00Z",
+    "definition_type": "statement",
    "definition": {
        "statement": "Copyright 2016, Example Corp"
-    },
-    "definition_type": "statement",
-    "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
-    "type": "marking-definition"
+    }
 }"""

 EXPECTED_CAMPAIGN_WITH_OBJECT_MARKING = """{
-    "created": "2016-04-06T20:03:00.000Z",
-    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
-    "description": "Campaign by Green Group against a series of targets in the financial services sector.",
+    "type": "campaign",
    "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
+    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
+    "created": "2016-04-06T20:03:00.000Z",
    "modified": "2016-04-06T20:03:00.000Z",
    "name": "Green Group Attacks Against Finance",
+    "description": "Campaign by Green Group against a series of targets in the financial services sector.",
    "object_marking_refs": [
        "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
-    ],
-    "type": "campaign"
+    ]
 }"""

 EXPECTED_GRANULAR_MARKING = """{
@ -53,8 +53,12 @@ EXPECTED_GRANULAR_MARKING = """{
 }"""

 EXPECTED_CAMPAIGN_WITH_GRANULAR_MARKINGS = """{
-    "created": "2016-04-06T20:03:00.000Z",
+    "type": "campaign",
+    "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
+    "created": "2016-04-06T20:03:00.000Z",
+    "modified": "2016-04-06T20:03:00.000Z",
+    "name": "Green Group Attacks Against Finance",
    "description": "Campaign by Green Group against a series of targets in the financial services sector.",
    "granular_markings": [
        {
@ -63,11 +67,7 @@ EXPECTED_CAMPAIGN_WITH_GRANULAR_MARKINGS = """{
                "description"
            ]
        }
-    ],
-    "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
-    "modified": "2016-04-06T20:03:00.000Z",
-    "name": "Green Group Attacks Against Finance",
-    "type": "campaign"
+    ]
 }"""


--- a/stix2/test/test_observed_data.py
+++ b/stix2/test/test_observed_data.py
@ -10,20 +10,20 @@ from .constants import OBSERVED_DATA_ID


 EXPECTED = """{
-    "created": "2016-04-06T19:58:16.000Z",
-    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
-    "first_observed": "2015-12-21T19:00:00Z",
+    "type": "observed-data",
    "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
-    "last_observed": "2015-12-21T19:00:00Z",
+    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
+    "created": "2016-04-06T19:58:16.000Z",
    "modified": "2016-04-06T19:58:16.000Z",
+    "first_observed": "2015-12-21T19:00:00Z",
+    "last_observed": "2015-12-21T19:00:00Z",
    "number_observed": 50,
    "objects": {
        "0": {
-            "name": "foo.exe",
-            "type": "file"
+            "type": "file",
+            "name": "foo.exe"
        }
-    },
-    "type": "observed-data"
+    }
 }"""


@ -48,27 +48,27 @@ def test_observed_data_example():


 EXPECTED_WITH_REF = """{
-    "created": "2016-04-06T19:58:16.000Z",
-    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
-    "first_observed": "2015-12-21T19:00:00Z",
+    "type": "observed-data",
    "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
-    "last_observed": "2015-12-21T19:00:00Z",
+    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
+    "created": "2016-04-06T19:58:16.000Z",
    "modified": "2016-04-06T19:58:16.000Z",
+    "first_observed": "2015-12-21T19:00:00Z",
+    "last_observed": "2015-12-21T19:00:00Z",
    "number_observed": 50,
    "objects": {
        "0": {
-            "name": "foo.exe",
-            "type": "file"
+            "type": "file",
+            "name": "foo.exe"
        },
        "1": {
+            "type": "directory",
+            "path": "/usr/home",
            "contains_refs": [
                "0"
-            ],
-            "path": "/usr/home",
-            "type": "directory"
+            ]
        }
-    },
-    "type": "observed-data"
+    }
 }"""


@ -173,7 +173,7 @@ def test_parse_observed_data(data):
    }""",
 ])
 def test_parse_artifact_valid(data):
-    odata_str = re.compile('"objects".+\},', re.DOTALL).sub('"objects": { %s },' % data, EXPECTED)
+    odata_str = re.compile('"objects".+\}', re.DOTALL).sub('"objects": { %s }\n}' % data, EXPECTED)
    odata = stix2.parse(odata_str)
    assert odata.objects["0"].type == "artifact"

@ -194,7 +194,7 @@ def test_parse_artifact_valid(data):
    }""",
 ])
 def test_parse_artifact_invalid(data):
-    odata_str = re.compile('"objects".+\},', re.DOTALL).sub('"objects": { %s },' % data, EXPECTED)
+    odata_str = re.compile('"objects".+\}', re.DOTALL).sub('"objects": { %s }\n}' % data, EXPECTED)
    with pytest.raises(ValueError):
        stix2.parse(odata_str)

@ -215,7 +215,7 @@ def test_artifact_example_dependency_error():
    }""",
 ])
 def test_parse_autonomous_system_valid(data):
-    odata_str = re.compile('"objects".+\},', re.DOTALL).sub('"objects": { %s },' % data, EXPECTED)
+    odata_str = re.compile('"objects".+\}', re.DOTALL).sub('"objects": { %s }\n}' % data, EXPECTED)
    odata = stix2.parse(odata_str)
    assert odata.objects["0"].type == "autonomous-system"
    assert odata.objects["0"].number == 15139
@ -358,7 +358,7 @@ def test_parse_email_message_not_multipart(data):
        }""",
 ])
 def test_parse_file_archive(data):
-    odata_str = re.compile('"objects".+\},', re.DOTALL).sub('"objects": { %s },' % data, EXPECTED)
+    odata_str = re.compile('"objects".+\}', re.DOTALL).sub('"objects": { %s }\n}' % data, EXPECTED)
    odata = stix2.parse(odata_str)
    assert odata.objects["3"].extensions['archive-ext'].version == "5.0"

--- a/stix2/test/test_relationship.py
+++ b/stix2/test/test_relationship.py
@ -10,13 +10,13 @@ from .constants import (FAKE_TIME, INDICATOR_ID, MALWARE_ID, RELATIONSHIP_ID,


 EXPECTED_RELATIONSHIP = """{
-    "created": "2016-04-06T20:06:37.000Z",
+    "type": "relationship",
    "id": "relationship--00000000-1111-2222-3333-444444444444",
+    "created": "2016-04-06T20:06:37.000Z",
    "modified": "2016-04-06T20:06:37.000Z",
    "relationship_type": "indicates",
    "source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
-    "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210",
-    "type": "relationship"
+    "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
 }"""


--- a/stix2/test/test_report.py
+++ b/stix2/test/test_report.py
@ -9,22 +9,22 @@ from .constants import INDICATOR_KWARGS, REPORT_ID


 EXPECTED = """{
-    "created": "2015-12-21T19:59:11.000Z",
-    "created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283",
-    "description": "A simple report with an indicator and campaign",
+    "type": "report",
    "id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3",
-    "labels": [
-        "campaign"
-    ],
+    "created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283",
+    "created": "2015-12-21T19:59:11.000Z",
    "modified": "2015-12-21T19:59:11.000Z",
    "name": "The Black Vine Cyberespionage Group",
+    "description": "A simple report with an indicator and campaign",
+    "published": "2016-01-20T17:00:00Z",
    "object_refs": [
        "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2",
        "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
        "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a"
    ],
-    "published": "2016-01-20T17:00:00Z",
-    "type": "report"
+    "labels": [
+        "campaign"
+    ]
 }"""


--- a/stix2/test/test_sighting.py
+++ b/stix2/test/test_sighting.py
@ -9,11 +9,11 @@ from .constants import INDICATOR_ID, SIGHTING_ID, SIGHTING_KWARGS


 EXPECTED_SIGHTING = """{
-    "created": "2016-04-06T20:06:37.000Z",
+    "type": "sighting",
    "id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb",
+    "created": "2016-04-06T20:06:37.000Z",
    "modified": "2016-04-06T20:06:37.000Z",
    "sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
-    "type": "sighting",
    "where_sighted_refs": [
        "identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"
    ]
--- a/stix2/test/test_threat_actor.py
+++ b/stix2/test/test_threat_actor.py
@ -9,16 +9,16 @@ from .constants import THREAT_ACTOR_ID


 EXPECTED = """{
-    "created": "2016-04-06T20:03:48.000Z",
-    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
-    "description": "The Evil Org threat actor group",
+    "type": "threat-actor",
    "id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
-    "labels": [
-        "crime-syndicate"
-    ],
+    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
+    "created": "2016-04-06T20:03:48.000Z",
    "modified": "2016-04-06T20:03:48.000Z",
    "name": "Evil Org",
-    "type": "threat-actor"
+    "description": "The Evil Org threat actor group",
+    "labels": [
+        "crime-syndicate"
+    ]
 }"""


--- a/stix2/test/test_tool.py
+++ b/stix2/test/test_tool.py
@ -9,15 +9,15 @@ from .constants import TOOL_ID


 EXPECTED = """{
-    "created": "2016-04-06T20:03:48.000Z",
-    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
+    "type": "tool",
    "id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
-    "labels": [
-        "remote-access"
-    ],
+    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
+    "created": "2016-04-06T20:03:48.000Z",
    "modified": "2016-04-06T20:03:48.000Z",
    "name": "VNC",
-    "type": "tool"
+    "labels": [
+        "remote-access"
+    ]
 }"""


--- a/stix2/test/test_vulnerability.py
+++ b/stix2/test/test_vulnerability.py
@ -9,17 +9,17 @@ from .constants import VULNERABILITY_ID


 EXPECTED = """{
-    "created": "2016-05-12T08:17:27.000Z",
-    "external_references": [
-        {
-            "external_id": "CVE-2016-1234",
-            "source_name": "cve"
-        }
-    ],
+    "type": "vulnerability",
    "id": "vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
+    "created": "2016-05-12T08:17:27.000Z",
    "modified": "2016-05-12T08:17:27.000Z",
    "name": "CVE-2016-1234",
-    "type": "vulnerability"
+    "external_references": [
+        {
+            "source_name": "cve",
+            "external_id": "CVE-2016-1234"
+        }
+    ]
 }"""